Hi Yoav,
On 28/01/2018, 19:38, "Yoav Nir" wrote:
> > What I was thinking was rather "once handshake is done and client has
> > successfully passed the SNI checks, just blindly copy the byte stream
> > across." I had this specific mental model (that of an HTTPS filter) in
> > my head, which of cou
Hi, Thomas
Inline
> On 28 Jan 2018, at 12:19, Fossati, Thomas (Nokia - GB/Cambridge, UK)
> wrote:
>
> Hi Yoav,
>
> Thanks for the answers - much appreciated.
>
> On 27/01/2018, 19:31, "Yoav Nir" wrote:
>> The length field is byte-aligned. So any implementation of a TLS
>> parser or TLS prox
Hi Yoav,
Thanks for the answers - much appreciated.
On 27/01/2018, 19:31, "Yoav Nir" wrote:
> The length field is byte-aligned. So any implementation of a TLS
> parser or TLS proxy will do one of two things:
>
> 1. Consider the MSB to be a must-be-zero bit and drop any length field
> that has i
> On 27 Jan 2018, at 18:30, Fossati, Thomas (Nokia - GB/Cambridge, UK)
> wrote:
>
> Hi TLS middle-box/middleware folks,
>
> If length's MSB in a D?TLS{Ciphertext,Plaintext,Compressed} record is
> set, how does your software react?
>
> Is it going to drop the session/record or not bothering at
Hi TLS middle-box/middleware folks,
If length's MSB in a D?TLS{Ciphertext,Plaintext,Compressed} record is
set, how does your software react?
Is it going to drop the session/record or not bothering at all?
I'm trying to understand a bit better whether and when it'd be safe to
grab that bit and gi
